| Commit | Date | Message | Author | CI |
|---|---|---|---|---|
| 13e262cf | 2024-01-24 15:24:28 | Avoid a four-byte overread in gcm_ghash_4bit_mmx() on i386 This is a variant of the same logic error fixed in ghash-x86_64.pl r1.6. The code path is only reachable on machines without FXSR or PCLMUL. ok jsing | ||
| 20273a99 | 2024-01-24 14:05:10 | Stop fiddling with hash table internals from lhash doall callers. It is now safe to call delete from an lhash doall callback - stop fiddling with hash table internals from lhash doall callers that previously had to work around this themselves. ok tb@ | ||
| 91a7e774 | 2024-01-24 14:02:52 | Make it safe to delete entries from an lhash doall callback. Currently, the callback cannot safely delete entries as it could lead to contraction of the hash table, which in turn could lead to doall skipping entries (and that typically leads to memory leaks). The recommended workaround is to reach in and fiddle with the hash table internals in order to prevent contraction, call the doall function and then restore the internals that were changed. Rather than just improving our documentation, actually make it safe to delete entries from an lhash doall callback by pausing contractions prior to starting the callback loop, then restoring the down load factor and triggering contraction once completed. This means that callers no longer need access to change hash table internals in order to achieve this same behaviour. ok tb@ | ||
| 48b51562 | 2024-01-24 13:39:44 | Avoid a four byte overread in gcm_ghash_4bit() on amd64. The assembly code for gcm_ghash_4bit() reads one too many times from Xi, resulting in a four byte overread. Prevent this by not loading the next value in the final iteration of the loop. If another full iteration is required the next Xi value will be loaded at the top of the outer_loop. Many thanks to Douglas Gliner <Douglas.Gliner at sony dot com> for finding and reporting this issue, along with a detailed reproducer. Same diff from deraadt@ ok tb@ | ||
| d5e7bdb5 | 2024-01-23 14:46:27 | Update to zlib 1.3.1 Since we already pulled in all fixes, this only bumps version/magic numbers and copyright years. The fixes relevant to OpenBSD are: - Fix bug in inflateSync() for data held in bit buffer - Add LIT_MEM define to use more memory for a small deflate speedup - Add bounds checking to ERR_MSG() macro, used by zError() - Various portability and appearance improvements | ||
| c06670c5 | 2024-01-22 21:07:09 | I forgot that chpass(1) and passwd(1) reach-around into libc for getpwent.c (isn't it horrible), and therefore lack visibility of the libc-internal __hash_open() function. Use -DFORCE_DBOPEN in chpass/Makefile and passwd/Makefile and adjust getpwent.c to use the external visible interface. Is there a better way? | ||
| ebdedc24 | 2024-01-22 19:26:55 | make login.conf(5) and crypt_newhash(3) and the underlying code consistent regarding bcrypt,a instead of blowfish,a. "blowfish" is a historical alias which we don't need to document as firmly as "bcrypt". report about difficult manual page discovery from ataraxia937 ok millert | ||
| 68465c52 | 2024-01-22 17:22:58 | Similar to getpwnam(3) and getnetgrent(3), it is better to call libc-private __hash_open() than the generic dbopen(3) which pulls in all 3 database backends. ok millert | ||
| 5f5ca731 | 2024-01-22 17:21:52 | getpwnam(3) uses dbopen(3), which pulls all 3 database backends into static binaries. If we call libc-private __hash_open() instead, it results in a ~40K reduction in many static binaries. ok millert | ||
| 903e91b4 | 2024-01-22 16:18:06 | When getpwnam(3) reaches out to YP, it calls clntudp_create(3) with a pre-initialized ypconnect(2) socket. That calls clntudp_bufcreate(), which contains code checking if the socket and address are configured. If not, socket(2) is called, or an address allocation is performed via the portmapper (which calls a whole lot more code). Split clnt_udp.c into two .c files (which will compile as separate .o files), and create a new libc-private clntudp_bufcreate_simple() function which skips the socket and address work. Result: In most static binaries, this reduces the text segment by ~100K, and removes 5-7 system call stubs -- which might matter for non-pledged binaries which otherwise lack socket(2). ok millert jmatthew | ||
| 139761cd | 2024-01-22 14:00:13 | Link CMS_signed_add1_attr(3) to tree structure of crypto(3) manuals and add a back reference from CMS_get0_SignerInfos(3). | ||
| a3b9b4c2 | 2024-01-22 13:54:46 | Simplify history section to match what other manuals do | ||
| fbb3c7a4 | 2024-01-22 13:44:59 | Document various CMS_{signed,unsigned}_* functions These functions change signed & unsigned attributes of a CMS SignerInfo object With & OK tb@ | ||
| 8fca0c8a | 2024-01-21 17:46:03 | update docs on madvise/msync/minherit behaviour in relation to immutable memory; ok kettenis | ||
| 51689999 | 2024-01-21 17:18:13 | Static non-PIE binaries always have a base address of 0 (even if the ELF headers start at a higher address). Using the wrong base address meant that we were protecting the wrong address range for the malloc internals which made the code error out now that mimmutable(2) no longer allows an RW->R transition. Issue found by gkoehler@ who got most of the way towards a proper fix. ok deraadt@ | ||
| 9b656d3e | 2024-01-21 17:00:42 | Add Xr mimmutable to manual pages which discuss immutable memory. prodding from kettenis | ||
| 59001c6a | 2024-01-21 07:46:16 | Sync with upstream as of Jan 20 No change of compiled code: the bug fix in check_match() affects ZLIB_DEBUG builds only and the Z_ARG macro is unused. | ||
| f5252e2d | 2024-01-21 07:34:39 | libz: sync with upstream's develop branch as of Jan 18 | ||
| b40fdb3c | 2024-01-21 07:33:46 | Define HAVE_HIDDEN for libz This adds the hidden visibility attribute to functions that are needed in multiple source files of the library but not part of the public API. This is technically a major bump, but that was decided to be overkill. discussed with deraadt and millert | ||
| 38558285 | 2024-01-20 13:19:37 | Early during mimmutable(2) development, we had a big problem with the chrome v8_flags variable's placement in bss, and as a workaround made it possible to demote a mimmutable mapping's permissions from RW to R. Further mimmutable-related work in libc's malloc created the same problem, which led to a better design: objects could be placed into .openbsd.mutable region, and then at runtime their permission and immutability could be manipulated better. So the RW to R demotion logic is no longer being used, and now this semantic is being deleted. ok kettenis | ||
| 33213af0 | 2024-01-20 11:16:27 | Merge docs of crc32_combine_{gen,op} from zlib.h Also add two 'len2 must be non-negative.' from upstream looks good to jmc | ||
| 2ce65aae | 2024-01-19 19:45:02 | Make our mktemp(3) callback-driven and split into multiple files. Previously, calling any of the mktemp(3) family would pull in lstat(2), open(2) and mkdir(2). Now, only the necessary system calls will be reachable from the binary. OK deraadt@ guenther@ | ||
| 9a75cca7 | 2024-01-19 17:02:28 | _execvesize.c is no longer generated to support pinsyscall(SYS_execve | ||
| 3cb1b7a6 | 2024-01-19 16:30:28 | Move mktemp.c to stdlib where it belongs. OK deraadt@ | ||
| c5e6b56a | 2024-01-19 14:15:51 | Stop initializing pinsyscall(SYS_execve in static binaries that contain an execve(2) stub. The new pinsyscalls(2) that applies to all system calls has made this redundant. | ||
| fc92860c | 2024-01-19 06:32:28 | Define the IPv6 related attributes from RFC 2865. | ||
| 7e9312b9 | 2024-01-18 19:00:11 | the warning about syscall going away is a bit dated now. ok miod tb | ||
| 8afa8197 | 2024-01-18 16:30:43 | Switch from EVP_CIPHER_type() to EVP_CIPHER_nid() EVP_CIPHER_type() will never return NID_gost89_cnt since it has no associated ASN1_OBJECT. Switching to EVP_CIPHER_nid() has a slight chance of working. Do that before beck applies the flensing knife. ok beck | ||
| ab51fa82 | 2024-01-15 18:03:39 | Make sure to return a proper string in ai_canonname. When we made sure that getaddrinfo(3) always resolves "localhost" to the loopback address we forgot to set ai_canonname if AI_CANONNAME or AI_FQDN is set. On a successful call ai_canonname has to be a NUL-terminated string if either of those flags are set. Problem observed by a@alexis-fouilhe.fr in smtpd(8) with a hostname of "localhost". OK millert | ||
| 723bccac | 2024-01-14 18:40:24 | Tidy a few more includes in cms/ | ||
| 860b359f | 2024-01-13 19:57:38 | Prepare for removing most of the X509_TRUST API X509_check_trust() is of course used by the verifier. Unfortunately M2Crypto exposes it. The only other parts of the X509_TRUST API that are still needed are the X509_TRUST_* macros in x509.h, as they are used via *_set_trust and indirectly via the purpose stuff. The rest will be removed. X509_TRUST_add() was defanged recently, in particular it no longer hangs strdup()'ed strings off the global struct. Nothing ever cleaned these up. TRUST_cleanup() attempted to do so, but since it checked the dynamic/dynamic strings flags in the wrong order, that cleanup call ended up doing nothing, so that code was removed at some point. As a consequence, the struct can now be made const. Use a CTASSERT() to ensure size assumptions on X509_TRUST_COUNT, X509_TRUST_MAX, and X509_TRUST_MIN hold true. Remove the global variable underlying X509_TRUST_set_default()'s functionality and move its accessor down to all the other functions that will be deleted. Inline a few things in X509_check_trust(), so we can excise the internals of X509_TRUST_get0(), X509_TRUST_get_by_id(). Since the default trust function can no longer be changed, call obj_trust() directly. ok jsing | ||
| b51570b5 | 2024-01-13 19:06:20 | Remove check{,obj_cleanup}_defer documentation Both check_defer() and the global variable obj_cleanup_defer were removed from the public API two years ago. Now they were removed from the internals as well, simplifying the cleanup process greatly. We no longer need them to have a chance to understand the cleanup process. Also remove references to EVP_cleanup() since this has long been deprecated and now it doesn't clean up things anymore. | ||
| 5d994da9 | 2024-01-13 18:37:51 | Remove mention of a refcount bug Said bug was fixed in OpenSSL 1.0.0, released 14 years ago. It is of course unsurprising that you may accidentally increment the refcount if your idiom for decrementing it is CRYPTO_add(&bio->references, -1, CRYPTO_LOCK_BIO)). | ||
| 02b7fbf1 | 2024-01-13 17:50:01 | BIO_f_ssl.3: Remove explicit library initialization | ||
| f7ac2552 | 2024-01-13 17:04:29 | Remove calls to OpenSSL_add_all_{ciphers,digests}() | ||
| 949c64fb | 2024-01-13 16:32:53 | Move errno.h inclusion where it belongs | ||
| 5ced2856 | 2024-01-13 13:59:18 | Clean up EVP_MD_CTX_init() usage in ASN1_item_sign() ok tb@ | ||
| d4370d4f | 2024-01-13 12:46:59 | Prepare to remove the EVP_PKEY_meth_* API After removing the last caller of EVP_PKEY_meth_find() from libssl, none of these is used. And with EVP_PKEY_meth_new() gone, there will no longer be a way to get your hands onto an EVP_PKEY_METHOD that is writable, so none of the silent failures (because they're void functions) should matter in the few weeks until we bump. ok jsing | ||
| cb82efff | 2024-01-13 12:18:52 | The OBJ_NAME API joins the party in evp_names.c ... and another file without license disappears. | ||
| 5fcc5150 | 2024-01-13 12:15:27 | Move EVP_add_{cipher,digest}() to the trashcan They will await their removal in the next major bump. | ||
| b2c1194e | 2024-01-13 12:13:17 | Open a garbage bin at the bottom of evp_names.c First to move is EVP_cleanup(), which should probably be moved to an evp_lib.c if such a file is reinstated. | ||
| 75591f2f | 2024-01-13 11:57:51 | Remove obj_cleanup_defer With check_defer() gone, this is never set to anything but 0, so the two conditional branches it is still involved in are dead code. | ||
| f5d53f8d | 2024-01-13 11:55:31 | Garbage collect check_defer() This was a mechanism to ensure that OBJ_cleanup() doesn't remove the ASN1_OBJECT associated with a custom cipher or digest (that was added with EVP_add_{cipher,digest}()), while the latter is still referenced in the OBJ_NAME table. It had the effect that OBJ_cleanup() wasn't actually called ever from OPENSSL_cleanup() (it is only called if you load the OID conf module). Oh, and of course it was once part of the public API. I fixed that two years ago, almost exactly to the day. Still mentioned in OBJ_create.3. | ||
| 226c7d4c | 2024-01-13 11:48:16 | Neuter EVP_add_{cipher,digest}() This makes them noops. They are used in the wild for adding ciphers that are always added by the library init code. This is a historic leftover. This removes the last (and only ever) calls to check_defer(). ok jsing | ||
| 0bfde4de | 2024-01-13 11:45:03 | Remove most of EVP_add_{cipher,digest}() internals OBJ_NAME_add() is a noop now, so remove all calls and simplify the remainder of these two functions a bit. Intermediate step to a larger diff that was ok jsing | ||
| 84309c90 | 2024-01-13 11:41:44 | Remove OBJ_NAME_cleanup() calls from EVP_cleanup() This is a noop now, so no need to call it. | ||
| 5aae2062 | 2024-01-13 11:38:45 | Remove the guts of the OBJ_NAME API With one exception, none of this is used anymore. All of it will be removed in the next major bump. The exception is OBJ_NAME_add(). security/xca ran into issues with their cert renewal logic because RSA certs had a way of mapping the signature algorithms to a hash, but a similar mechanism wasn't available for ECDSA certs. So xca uses EVP_add_digest_alias() to have corresponding aliases for ECDSA. This is a macro wrapping OBJ_NAME_add(). xca now has better logic using the more appropriate OBJ_find_sigid_algs() (which wasn't available back then). We will still add the alias entries that xca still adds ourselves to make sure there are no unexpected side effects. They make sense anyway. The diff will hopefully land in a few days. If your life depends on ECDSA cert renewal in xca please hold off on updating to a new snap. ok jsing | ||
| 7dcd30d8 | 2024-01-13 11:18:52 | Stub out {OpenSSL,OPENSSL}_add* These serve no purpose anymore (and really haven't for many years) but will have to be kept since there's a number of software that still uses them because many years ago they had to. Relocate the stubs to crypto_init.c since library initialization's what they were there for. ok jsing | ||
| 61d54817 | 2024-01-13 11:12:32 | Reimplement EVP_get_{cipher,digest}byname() Instead of a hashtable lookup do a bsearch() over the static table. This needs about the same number of strcmp and is a lot simpler. ok jsing | ||
| 4f293816 | 2024-01-13 11:08:39 | Reimplement {EVP_CIPHER,EVP_MD,OBJ_NAME}_do_all{,_sorted}(3) This implements the do_all API by simple loops over the tables of digests and ciphers. Since some ciphers are only available on some platforms, we need to skip them if necessary. We use loops in each of the functions rather than the convoluted way of reducing some of the loops to others. Since the tables are sorted, as ensured by regress, both do_all() and do_all_sorted() walk the lists in order. In particular, we no longer need to allocate to be able to sort hash tables by name on the fly in a void function that may end up doing nothing because allocation failed. We still need to do an unchecked OPENSSL_init_crypto() call. But that's what prayer and clean living are there for (as beck put it). The OBJ_NAME API is completely misnamed. It has little to do with objects and a lot to do with EVP. Therefore we implement what will remain from its saner replacement in the evp directory, i.e., evp_names.c. ok jsing | ||
| 3eb32604 | 2024-01-13 11:00:09 | Add a table of digest names, digests and aliases This is the corresponding commit for digests and their aliases. It only adds a table to be used in upcoming commits. What was said about ciphers applies mutatis mutandis to digests. ok jsing | ||
| 11b90073 | 2024-01-13 10:57:08 | Add a table of cipher names, ciphers and aliases This arranges the data provided by dynamic library initialization in a static table and will help avoid gross code with missing error checking and other defects on every use of the library. This table isn't pretty due to various naming inconsistencies accumulated over the decades. It will significantly simplify the implementation of API such as EVP_get_cipherbyname() and EVP_CIPHER_do_all(). All the table does is map strings to ciphers, typically used on the openssl(1) command line or in code it's the mechanism that underlies the map from NID_chacha20 to the data returned by EVP_chacha20(). It's of course more complicated because it just had to be stupid. This is one of the places where the use of bsearch() is justified. The price to pay for the simplification is that adding custom aliases and custom ciphers to this table will no longer be supported. It is one significant user of the LHASH madness. That's just another piece of the awful "toolkit aspect"-guided misdesign that contributes to making this codebase so terrible. A corresponding table for the digests will be added in the next commit. ok jsing | ||
| e62d3f18 | 2024-01-12 19:28:02 | Remove X509_STORE_CTX_purpose_inherit(3) documentation This abomination of an API will be removed. Remove the hairy details of its internals and make the documentation of X509_STORE_CTX_set_trust(3) and X509_STORE_CTX_set_purpose(3) independent of it. Neither of these two remaining APIs can be recommended. Once set, trust and purpose are sticky. Setting the trust to a different (valid) value will indicate success but leave the value unchanged. I suppose it means the new trust value was successfully ignored. Also, setting the trust to X509_TRUST_DEFAULT can succeed or fail depending on which OpenSSL derivative you use. Setting the purpose will also set the trust (unless it is already set). Setting some purposes may or may not fail depending on the OpenSSL lib. The only way you have a chance of knowing what will be set is by calling only one of these functions directly after X509_STORE_CTX_init(). This isn't really safe either because in some versions the user can override the values stored in a global table by writing directly to it. The actual contributions here are rather minimal. State more explicitly that 0 is invalid (but results in success being returned), document the error values to be accurate across implementations and call out some of the nonsense in a CAVEATS section. Many thanks to schwarze for the very helpful review with lots of input. ok schwarze | ||
| 43fce972 | 2024-01-10 21:34:53 | X509_TRUST: tidy up includes | ||
| 64cb89d0 | 2024-01-10 21:19:56 | X509_TRUST: group together all trust_*() functions Now they are next to the trstandard[] table and listed in the order they appear in the table. | ||
| c0a0c0dc | 2024-01-10 21:14:14 | X509_TRUST: hoist trust_compat() to the other end of the file | ||
| 61bd9697 | 2024-01-10 21:11:37 | X509_TRUST: start shuffling some code around Hoist obj_trust() to the top and move the static default_trust() next to its setter. | ||
| 01489889 | 2024-01-10 17:31:28 | Rework X509_STORE_CTX_set_{purpose,trust}() Split the two codepaths in x509_vfy_purpose_inherit() into its two callers. What remains is gross, but at least a reader has a chance of following all this nonsense without leaving a significant amount of hair behind. In short, purpose and trust are only overridden if they're not already set. Otherwise silently ignore valid purpose and trust identifiers that were passed in and succeed. Error on almost all invalid trust or purpose ids, except 0, because... well... who knows, really? ok jsing | ||
| 68f05024 | 2024-01-10 14:59:19 | Inline rsa_is_pss() and rsa_pkey_is_pss() It's more explicit and not that much longer. ok jsing | ||
| 3631e0d3 | 2024-01-10 14:23:37 | Drop an unnecessary cast from jsing | ||
| 1f3bd948 | 2024-01-10 14:22:53 | Fix print_fp() The callback-based printing needs to die. But first BIO_set() will die. We have a FILE *. We have fprintf(). No need to use a static BIO to dump error codes to said stream. This basically undoes an unrelated change of "Move crpytlib.h prior bio.h" from 19 years ago (OpenSSL 25a66ee3). Except we don't cast and check len. ok jsing (who had a nearly identical diff) | ||
| d556a964 | 2024-01-10 04:28:43 | pthread_cond_timedwait(3): accept negative absolute timeouts Negative absolute timeouts are valid inputs. With input from kettenis@. Thread: https://marc.info/?l=openbsd-tech&m=170467558006767&w=2 ok guenther@ | ||
| 0d3f96a3 | 2024-01-09 07:25:57 | Fix copy-paste error that broke openssl-ruby and openssl regress Noticed by anton | ||
| 208c5b2a | 2024-01-08 10:06:50 | Disable X509_STORE_CTX_purpose_inherit() Nothing uses this function, except two internal callers. So split its guts temporarily into a helper function and disable the gross general case. The internal helper can be simplified by observing that def_purpose == 0: Overriding 0 by 0 doesn't do anything, so drop that bit. Rename ptmp into purp, and inline X509_PURPOSE_get_by_id(), i.e., make appropriate checks and subtract X509_PURPOSE_MIN. The fallback to X509_PURPOSE_get_by_id(0) will always fail since X509_PURPOSE_MIN == 1. So ditch that call. In particular, X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_ANY) fails in current because of this. That's nonsense. So remove the purp->trust == X509_TRUST_DEFAULT check as only change of behavior. This matches what OpenSSL do nowadays. They now set def_purpose = purpose if purpose != 0 and def_purpose == 0, so in all real-world uses of this function they will just fetch the same purpose again and do not check for default trust the second time around. Finally, X509_TRUST_get_by_id() is only used to ensure that a non-zero (or overridden) trust is between X509_TRUST_MIN and X509_TRUST_MAX. So expand that into its explicit form. ok jsing | ||
| e932005d | 2024-01-08 09:51:09 | Inline X509_{TRUST,PURPOSE}_set() in their only callers They are now unused and will join the exodus to the attic in the next bump. ok jsing | ||
| e0b813fd | 2024-01-08 09:31:09 | const correct aesni_{128,256}_cbc_hmac_sha1_cipher | ||
| be36bcd5 | 2024-01-08 03:32:01 | Fix logic error (&& -> ||) CID 477172 | ||
| 25346487 | 2024-01-07 19:59:32 | Garbage collect call to X509_TRUST_cleanup() Since x509_trs.c r1.33, this is a noop. | ||
| 2e686a7f | 2024-01-07 19:44:28 | libc, librthread: _twait: subtraction is not comparison Compare the current time with the absolute timeout before computing the relative timeout to avoid arithmetic overflow. Fixes a bug where large negative absolute timeouts are subtracted into large positive relative timeouts and incorrectly cause the caller to block. While here, use timespeccmp(3) and timespecsub(3) to simplify the code. Thread: https://marc.info/?l=openbsd-tech&m=169945962503129&w=2 | ||
| cec65c07 | 2024-01-07 18:15:42 | Minor cleanup in X509_STORE_CTX_purpose_inherit() Make a few checks against 0 explicit to reduce noise in an upcoming diff and tiny KNF tweaks. | ||
| 77e48307 | 2024-01-07 16:22:46 | purpose/trust: Improve comments about COUNT/MAX confusion | ||
| f90ece95 | 2024-01-07 16:18:18 | const-correct r4_hmac_md5_cipher | ||
| fd227519 | 2024-01-07 15:42:57 | Convert the remaining legacy ciphers to C99 initializers No change in the generated aarch64 assembly apart from line number changes. ok jsing | ||
| 610ca8ca | 2024-01-07 15:21:04 | Improve EVP_CIPHER_{get,set}_asn1_iv() Use iv_len for the variables storing the IV length, formerly l and j. Remove use of the unnecessary variable i and unindent the whole mess. Some return values are fishy. That will be addressed in subsequent commits. ok jsing | ||
| 307dc1ce | 2024-01-07 14:50:45 | Remove X509_TRUST extensibility This is pretty much identical to the X509_PURPOSE case: remove the stack used for extending and overriding the trust table and make X509_TRUST_add() always fail. Simplify some other bits accordingly. ok jsing | ||
| 6a583968 | 2024-01-06 20:47:01 | Zap some more CRL method things | ||
| d6495eea | 2024-01-06 17:43:39 | Remove X509_PURPOSE_cleanup() call in OPENSSL_cleanup() Since x509_purp.c r1.34 this is a noop since there is nothing to clean up anymore. Remove the last caller. | ||
| 1122c914 | 2024-01-06 17:37:23 | Remove X509_CRL_METHOD internals Another complication of dubious value that nobody's ever used. crl_init(), crl_free() and the meth_data are dead weight, as are their accessors. Inline def_crl_verify() in X509_CRL_verify() so that the latter becomes the trivial wrapper of ASN1_item_verify() that one would expect it to be. It is quite unclear what kind of customization would make sense here... def_crl_lookup() is renamed into crl_lookup() and its two callers, X509_CRL_lookup_by_{serial,cert}(), are moved below it so that we don't need a prototype. ok jsing | ||
| 9c4f0f43 | 2024-01-06 17:17:08 | Remove X509_PURPOSE extensibility Another bit of global state without lock protection. The by now familiar complications of a stack to make this user configurable, which, of course, no one ever did. The table is not currently const, and the API exposes its entries directly, so anyone can modify it. This fits very well with the safety guarantees of Rust's 'static lifetime, which is how rust-openssl exposes it (for no good reason). Remove the stack and make the X509_PURPOSE_add() API always fail. Simplify the other bits accordingly. In addition, this API inflicts the charming difference between purpose identifiers and purpose indexes (the former minus one) onto the user. Neither of the two obvious solutions to avoid this trap seems to have crossed the implementer's mind. ok jsing | ||
| b68104e4 | 2024-01-05 21:22:01 | EVP_PKEY_asn1_find_str() tweaks Switch i to a size_t and improve a flag check. Part of an earlier diff that was ok jsing but was lost when I reworked the diff. | ||
| fb8a40b8 | 2024-01-05 10:18:52 | evp_key.c: Remove more unnecessary parentheses | ||
| 7c4f9497 | 2024-01-05 10:15:36 | Minor tweaks in EVP_read_pw_string_min() Remove unnecessary parentheses and use a better place to break an overlong line. | ||
| b0c223ce | 2024-01-05 10:14:08 | Plug a leak in EVP_read_pw_string_min() Use an error exit that frees the ui in case the UI_add_* fail. Also add a few empty lines for readability. ok joshua | ||
| 20c8931a | 2024-01-04 20:15:01 | Disable EVP_PKEY_meth_* extensibility This removes the global pkey_app_methods stack that was never cleaned up and makes EVP_PKEY_meth_add0() always fail and push an error on the stack. EVP_PKEY_meth_find() can now walk the list of PKEY_METHODs forward and things become a bit cleaner. It's still all way more complicated than it needs to be... ok jsing | ||
| fe1adf5a | 2024-01-04 20:02:10 | Remove last external call to EVP_PKEY_meth_find() In order to determine whether GOST is properly enabled, libssl has various weird dances. In this specific case, it calls EVP_PKEY_meth_find() to see whether the relevant cipher is around. Check the same thing with an #ifdef instead. ok jsing | ||
| a6d8ed60 | 2024-01-04 17:38:36 | Remove unused app_data from EVP_CIPHER The EVP_CIPHER structs are static const data that the library returns when you call EVP_aes_128_cbc(), for example. It makes no sense whatsoever to hang user data off such a struct, but it's been there since forever. ok jsing | ||
| a03a5a63 | 2024-01-04 17:22:29 | Clean up EVP_PKEY_asn1_get0_info() a bit Use better variable names without silly p prefix and use explicit checks against NULL. | ||
| 63332565 | 2024-01-04 17:17:40 | Clean up EVP_PKEY_asn1_find_str() Use slightly better argument and variable names, do not pointlessly try to match a string of negative length < -1, use a size_t for the strlen() and preserve the logic that allows lookup by a string fragment rather than a full string. ok jsing | ||
| 680e1051 | 2024-01-04 17:08:57 | Simplify EVP_PKEY_asn1_find() EVP_PKEY_asn1_find() finds the EVP_PKEY_ASN1_METHOD underlying the method or alias with nid (or, rather, pkey_id) passed in. Now that we have the base method stored in a pointer, we can return that method after a simple lookup of said nid (or, rather, pkey_id). ok jsing | ||
| 9ed721ec | 2024-01-04 17:01:26 | Replace .pkey_base_id with a .base_method pointer Every EVP_PKEY_ASN1_METHOD is either an ASN.1 method or an alias. As such it resolves to an underlying ASN.1 method (in one step). This information can be stored in a base_method pointer in allusion to the pkey_base_id, which is the name for the nid (aka pkey_id aka type) of the underlying method. For an ASN.1 method, the base method is itself, so the base method is set as a pointer to itself. For an alias it is of course a pointer to the underlying method. Then obviously ameth->pkey_base_id is the same as ameth->base_method->pkey_id, so rework all ASN.1 methods to follow that. ok jsing | ||
| 7a766feb | 2024-01-04 16:50:53 | Neuter the remainder of the ameth lib The few pieces of the ameth lib that will stay in libcrypto were moved to p_lib.c recently. The functions that still are in ameth_lib.c will be removed in the next major bump. With disabled EVP_PKEY_asn1_add{0,_alias}() API they are completely useless now and they are getting in the way of more ameth surgery. Rip out their guts and turn them into stubs that do nothing but push an error onto the stack. ok jsing | ||
| fa20815c | 2024-01-04 16:41:56 | Split ameth arrays into individual methods For some reason DSA, GOST, and RSA had their ASN.1 methods stored in an array. This is clumsy and the only benefit is that one saves a few externs in p_lib.c. They were also arranged by ascending NID because of bsearch() madness. Split them up and arrange the methods by name, which is much saner and simpler. ok jsing | ||
| 085d145c | 2024-01-04 09:47:54 | Improve length checks for oiv and iv There are two unsigned char arrays of size EVP_MAX_IV_LENGTH to store the IVs of block ciphers. In most modes, only iv is used, but in some modes iv is modified and oiv is used to store the original IV. At the moment nothing enforces that they are of the same length. Therefore make sure the correct one or both are checked before writing to or reading from them. ok miod | ||
| 0a1afe4a | 2024-01-03 09:13:32 | Improve order in ancient CMS helpers First came EVP_CIPHER_param_to_asn1() which wraps EVP_CIPHER_set_asn1_iv() which was implemented last. Then came EVP_CIPHER_asn1_to_param() wrapping EVP_CIPHER_get_asn1_iv(). Move each param function below the iv function it wraps. | ||
| 2b055381 | 2024-01-02 21:27:39 | Move a t to the right place in a comment | ||
| e6f6d3d4 | 2024-01-02 21:24:42 | Match struct order for the EVP_CIPHER_CTX accessors This isn't great since the struct is ordered in about the silliest way imaginable, but it is better than it was before. Bringing order into this mess is harder than solving a Rubik's cube. | ||
| 35c9a4a5 | 2024-01-02 21:12:25 | Move down EVP_CIPHER_CTX accessors that expose EVP_CIPHER internals These confusingly named getters were added "for convenience" in 1.1. They fit best next to the EVP_CIPHER API. | ||
| e8bd9695 | 2024-01-02 20:48:40 | Move the trivial EVP_CIPHER getters down They are now below the CMS ASN.1 IV stuff, but above the EVP_CIPHER_meth* API, which are setters, in a way. | ||
| a0acfa78 | 2024-01-02 20:00:45 | Simplify EVP_CIPHER_{asn1_to_param,param_to_asn1}() There's no need for a ret variable and else if/else | ||
| f3f06693 | 2024-01-02 19:56:43 | Move the EVP_CIPHER API that only exists for CMS/legacy a bit down |